CVE-2016-6933

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

1.2%

top 21.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Adobe Livecycle

Timeline

PublishedDec 15

Latest updateMay 17

Description

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDadobe/livecycle10.0.4, 11.0.1+1

▶NVDadobe/experience_manager6.0.0, 6.1.0, 6.2.0+2

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-qf2q-j47h-rfcj: Adobe Experience Manager Forms versions 6↗2022-05-17

▶

CVEList

CVE-2016-6933: Adobe Experience Manager Forms versions 6↗2016-12-15

▶